11-15-2012 02:10 PM
I am trying to get source-nating to work and I am having some issues. I am doing this in a lab environment so the IP assignments aren't going to be exactly like production as I don't have public IP assignments to play with. I have two vlans configured on the controller:
Vlan 301 - 184.108.40.206 255.255.255.0
Vlan 7 - 192.168.1.10 255.255.255.0 (guest network that connects to a FW with internet access)
The controller is handing out DHCP leases on VLAN 301 and I would like for those users to get source-nat'ed to 192.168.1.55. I have a NAT pool created like so "ip NAT pool corp-dev-srcnat 192.168.1.55 192.168.1.55" and a FW policy set up for users that connect to VLAN 301 that states "user any any src-nat pool corp-dev-srcnat log". Based off this I would think that all users that connect to VLAN 301 would get source-nat'ed to 192.168.1.55 (which it looks like they do in the logs). The problem is the user has zero connectivity. Is there something I am missing in this type of setup?
11-15-2012 04:52 PM
Is there a route in your infrastructure back to 192.168.1.55?
Aruba Customer Engineering
11-16-2012 07:20 AM
Thanks for the information - I will check into that. Also I have a general question in regards to the NAT Pool configuration on the Aruba Controller. In production VLAN 7 will actually be configured on the Aruba Controller as an access port with a public IP address associated with it; the other side will be connected to a FW that is connected to the internet. I want to source NAT users in the 220.127.116.11/24 subnet so that they go out the VLAN 7 interface - would the IP address that I use be the one that's configured on the Aruba Controller?